With the rapid development of computer technologies and the internet, one can get any information through the internet very easily. Transferring or conveying a message from one point to another is also very convenient in today’s era. People who have internet access and a computer can get any type of information related to any field without any difficulty [1]. While transferring or communicating on the internet, safety and security remain an issue. Steganography schemes are used to get rid of these types of safety and security issues. The standard phrase “What You See Is What You Get (WYSIWYG)” does not hold when misuse or hacking is involved. One can transfer secret information through the internet using Steganography
tools will help to detect intrusions and other suspicious activities on the network. The third challenge is to improve the
The National Institute of Standards and Technology (NIST) defines Information Security Continuous Monitoring as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions” (Dempsey, et al., 2011). NIST advocates for continuous monitoring of information security systems through the process of defining the program, establishing it, implementing the program, analyzing and reporting findings, responding to the findings, and reviewing and updating the program. Additionally, they believe that in order to be more cost effective, and to improve the efficiency and reliability of the monitoring program, automation would be the way to go. By making use of the latest trends in technology such as machine learning and data mining, algorithms can be developed to detect patterns which would ordinarily be missed by the human eye. This is especially true of voluminous data, which is time consuming and just plain difficult for personnel to sift through. Such implementations leave security professionals with time to tackle the issues which require human involvement (Dempsey, et al., 2011). One example of an automated monitoring system is a firewall. The job of a firewall is to monitor and regulate the network traffic coming into and out of a system, which could range from a single home computer connected to the internet to several thousand devices in an organization the size of Amazon or
Explains what a botnet is, how it is created and used, and the amount or types of data that can be collected over time. Antivirus software is reported to be able to track or monitor only a very low percentage of known botnets. One of the basic principles is almost a “throw everything at it and see what sticks” mentality, in that developers will employ a botnet by embedding it in a quasi-convincing spam message and hoping the reader is dumb enough to click on the link (Mittleman 67).
These proposals and system suggestions can minimize the vulnerabilities associated with any compromises or intrusions within the network. Deploying an intrusion detection system is an essential security strategy for monitoring a network information system for abnormal or unauthorized activity. An intrusion detection system (IDS) is a set of tools which monitor a network topology, providing a system administrator with the overall picture of how the system is being utilized. Deploying an IDS makes a defense-in-depth architecture more effective at recognizing any form of malicious activity. The IDS is able to monitor and inspect the network traffic without affecting network activity. IDS tools gather information and analyze it against a predefined rule set and against a set of known attack 'signatures'. The IDS can scan port numbers to determine if any breaches or attacks are occurring (Kuipers,
networks are also being targeted by malicious activity” [Overall statistics for 2014]. Many of the technologies used within these systems are now being exploited by criminals trying to access information and perform other criminal activities. The main reason for this is that most of the infrastructure in place is controlled by IT systems and the security systems in place
There is no comprehensive approach to the processes involved in the normal operation of a botnet, either for the stages encompassing the life cycle or for the lack of compartmentalization between them (see Figure 1, Botnet Life Cycle Taxonomy). Apart from normal operations, so far there is no qualitative analysis of how these stages should be characterized, defined, or distinguished. A proposed botnet life cycle starts with conception and ends with reaching the desired malicious intent, i.e., a successful attack, which can include DDoS, spam, phishing, or click fraud. The mechanisms corresponding to these stages of the botnet life cycle are typically focused on attempting to hide the botnet (communication processes, location of the bots, and botmaster); these methods include IP spoofing, multi-hopping, polymorphism, and fast-flux networks (García-Teodoro, Maciá-Fernández, & Rodríguez-Gómez, 2012). Any defensive approach to overcoming a botnet is dedicated to preventing execution of a particular process in one of the botnet life cycle stages, or of a combination of processes in one or more stages. Deterring execution of a single stage in the botnet life cycle can thwart a malicious and devastating outcome. In principle, prevention of hiding mechanisms doesn’t imply deterrence of the botnet goal, but it increases the probability that a botnet will be identified by a defense method.
The threat of steganography has been known to the law enforcement community for years, but how can the hidden information be found with the messages spread across the entire internet? Hidden messages were always transported through public settings, and with so many web sites, especially those that can easily be modified anonymously like Craigslist, Wikipedia and Google Maps, there is an infinite possibility of locations to hide information (Shachtman, 2010). The only way that many of these web pages are tracked is through the use of an email address and IP addresses, both of which could easily be spoofed through the use of one-time-use accounts, anonymizers or web proxies. Messages could be hidden using any of the steganography tools within these public web sites, simply by posting an article on
The internet is a medium that is becoming progressively more important as it makes information available in a quick and easy manner. It has transformed communications and acts as a global network that allows people to communicate and interact without being limited by time, borders and distance. However, the infrastructure is vulnerable to hackers who use the system to commit cyber crime. To accomplish this, they make use of innovative stealth techniques for their malicious purposes on the internet.
Steganography is an ulterior and lesser-known approach to private communication. Steganographic applications work by taking in three things: a cover work (this could be a picture, an audio file, a video file, etc.), a message to be embedded, and a stego key (we don’t always use one, but if we do, it is much like an encryption key). Steganography applications will then embed the message into the cover work. This is most commonly performed using a method known as LSB embedding, which I will explain in detail.
A botnet is a network of millions of computers under the control of an attacker, which is used to carry out a wide range of services, including sending spam, hosting phishing attacks, committing online-advertising fraud, launching denial-of-service attacks, etc. These botnets can carry out attacks in all of the above categories. They are crafted for a particular purpose, which varies based on the preferences of the miscreant controlling the botnet, called a botnet herder. The size of botnets varies; the more important factor is what purpose they are being put toward. The Conficker botnet was huge, infecting millions of computers, but it is not harmful.
As discussed in the Problem Statement, there are several foundational flaws in the centralized architecture design of C&C botnet systems, which are leading attackers to develop and use Peer-to-Peer based control architecture designs like “Phatbot” [14], “Slapper” [12], “Nugache” [15], “Sinit” [13], etc., for botnet systems. These Peer-to-Peer based control architecture designs have multiple advantages, like eliminating the need to use the "Bootstrap" process, which is a common process in P2P protocols. Another advantage of P2P-based architectures like “Nugache” is their ability to function undetected, as they use a control channel which is encrypted [15]. Another advantage of P2P-based architectures like “Sinit” is their ability to provide sophisticated authentication by using public and private keys and cryptography [13]. Figure 2 below illustrates the current “Command and Control Architecture of a C&C Botnet” [1].
The internet is everywhere. It has become the most widely used and accessed technology platform on the planet. It seems like it’s almost gotten to the point where your blender is going to need an IP address unless you want an outdated smoothie. So of course, in this day and age, when computing and online interaction have become so pervasive, it is of paramount importance to protect your networks, your devices and yourself. Not only is cyber space ubiquitous, but cyber attacks are as well. Every day, worldwide, countless governments, companies, and private citizens are subject to cyber attacks. The security world works round the clock in an attempt to stay ahead of the attackers. One of the most important tools that helps the security world stay ahead of would-be attackers is the honeypot.
(2) Nagaraja (2011) conducted his research measuring communications between a botmaster and its bots. (3) Nagaraja (2011) carried out a computational complexity theory design (Rudich, 2004) to measure for unobservable communications channels connecting the botmaster and bots; to further hide secret communications between the botmaster and bots, Nagaraja (2011) used a version of steganography termed Stegobot. (4) The framework implemented for Nagaraja's (2011) research supported a quantitative method by using measurable properties such as channel efficiencies, channel bandwidth, duplication, botnet bandwidth, botcargo, and routing (Salkind,
A major security challenge on the Internet is the existence of a large number of compromised machines. Such machines are being increasingly used to launch various security attacks such as spamming and spreading malware, DDoS, and identity theft [1][3][6]. Two characteristics of the compromised machines on the Internet—sheer volume and being widespread—render many existing security countermeasures less effective and hence make defending against attacks involving compromised machines extremely